Overview

The Manifest Security Initiative is a collaborative research program including
faculty, students, and post-doctoral researchers at the University of
Pennsylvania and Carnegie Mellon University.

This project proposes manifest security as a new architectural principle for
secure extensible systems. Its research objectives are to develop the
theoretical foundations for manifestly secure software and to demonstrate
its feasibility in practice.

Manifest security applies to extensible software platforms—software
systems that can be customized by installing third-party extensions. The goal
of manifest security is to address two fundamental problems in this domain,
both stemming from the need to protect the platform from untrusted and
potentially malicious extensions. Useful software extensions often require
access to system resources or sensitive information, yet permitting
unrestricted access opens the possibility for abuse. It is therefore necessary,
first, to specify policies about what resources an extension may use and how it
may handle sensitive data, and second, for the platform to include an effective
mechanism for enforcing such policies. The critical components missing from
existing architectures are thus (1) a general, practical means for users to
specify security policies about how extensions are permitted to behave, and (2)
a way of determining whether a given extension (which may be malicious)
actually meets the desired policy. Manifest security addresses both of these
issues.

The Manifest Security Initiative is supported in part by the National Science
Foundation, grants CNS-0716469 and NSF-0715936.